nadnerB's CloudatCost Project Journal
-
Fyi the yum -y just pre accepts the install. Otherwise it will fetch the package information tell you what it is and the size and ask you if you'd like to install or not.
-
@thecreativeone91 said:
Fyi the yum -y just pre accepts the install. Otherwise it will fetch the package information tell you what it is and the size and ask you if you'd like to install or not.
Thanks
-
CentOS is secure by default. Firewall is already locked down.
-
@scottalanmiller not 100% sure what you mean by
Firewall is already locked down.
After Googling I discovered that it's called firewalld.
I ran the following to check the statussystemctl status firewalld
Which resulted in:
Does that mean that the firewall is off or on? -
Looks like the last one is stopping. You can also start it by
systemctl start firewalld
and enable it at system start withsystemctl enable firewalld
-
Thanks that got it
-
Following the instructions kindly provided by @JaredBusch on installing Fail2Ban
http://mangolassi.it/topic/4108/how-to-fail2ban-on-centos-7 -
Righto, so the firewall (enabled and on but no custom configs yet) and fail2ban are done.
-
So, today I'd like to set up SSH but I'll check on the fail2ban that I did yesterday.
Ā
Logged in as my non-root user account
fail2ban-client status sshd
... looks like it requires use of sudo to check
Apparently my non-root account requires listing in a 'sudoers file'... righto.
Ā
One goes the lab coat as I step into the research mode... -
I think I'll do this by group permissions instead of individual permissions.
New group createdgroupadd <group name>
User addedusermod <user> -G <groupname>
Check members of the groupgrep ^<group name> /etc/group
- success
-
Righto, so it looks like the Sudoers file, that I need to edit, is read only.
However, I have found what looks like a good set of instructions here: https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos
EDIT: This initial setup guide has a slightly different (I think) way of doing it (step 4) https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-12-04 -
Hmmm, perhaps editing the Sudoers file is not a good idea...
Should I edit the file and add my username or just usesu
?
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now. -
@nadnerB said:
Hmmm, perhaps this is not a good idea...
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.I log in as root directly to all my servers.
-
@nadnerB said:
Hmmm, perhaps this is not a good idea...
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.You don't edit the file You'd
gpasswd -a nadnerb wheel
where nadnerb is the username you wish to give sudo privileges too. -
@thanksajdotcom said:
@nadnerB said:
Hmmm, perhaps this is not a good idea...
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.I log in as root directly to all my servers.
I personally would disable root access over SSH after the initial setup.
-
@thanksajdotcom said:
@nadnerB said:
Hmmm, perhaps this is not a good idea...
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.I log in as root directly to all my servers.
Thanks for your input but I won't be doing this
-
@thecreativeone91 said:
@nadnerB said:
Hmmm, perhaps this is not a good idea...
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.You don't edit the file You'd
gpasswd -a nadnerb wheel
where nadnerb is the username you wish to give sudo privileges too.Fantastic! Thanks!
-
@thecreativeone91 said:
@thanksajdotcom said:
@nadnerB said:
Hmmm, perhaps this is not a good idea...
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.I log in as root directly to all my servers.
I personally would disable root access over SSH after the initial setup.
On the secret To-Do list
-
@nadnerB said:
@thecreativeone91 said:
@nadnerB said:
Hmmm, perhaps this is not a good idea...
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.You don't edit the file You'd
gpasswd -a nadnerb wheel
where nadnerb is the username you wish to give sudo privileges too.Fantastic! Thanks!
No Problem. It's just a group you add it to, as the group has sudo premissions (sudoers file) .
-